﻿<?php
$config = require_once("../config.inc.php");
$cfg = parse_url($config['DB_CONFIG']);
$cfg['pass'] = empty($cfg['pass']) ? '' : urldecode($cfg['pass']);
$cfg['user'] = urldecode($cfg['user']);
$cfg['path'] = str_replace('/', '', $cfg['path']);
//==========数据库连接开始============================
$connect = mysql_connect($cfg['host'], $cfg['user'], $cfg['pass']) OR DIE("连接数据库失败");
mysql_select_db($cfg['path']) or die( "Unable to select database ".$cfg['path']);
mysql_query("set names utf8");//设定字符集,防止页面出现乱码 
//==========数据库连接结束============================

//获取接口传递过来的参数
$style = "json";//目前只支持json格式
$func = $_POST['func'] ? dowith_sql($_REQUEST['func']) : "trace";//操作类型
$partner = dowith_sql($_REQUEST['partner']); 
$pass = dowith_sql($_REQUEST['pass']); 
$content = dowith_sql($_REQUEST['content']);
$verify = dowith_sql($_REQUEST['verify']);
$result = array();//内容
$status = "OK";//OK是对的，NO是参数有误 *

//判断是否过来了
if(!$style || !$func || !$partner || !$content || !$verify)
{
	$status = "NO";
	$code = "s05";
	$remark = urlencode('缺少完整的参数');
	output_json(NULL, NULL, $verify, $status, $code, $remark);	
}

//判断操作类型
if($func != "trace")
{
	$status = "NO";
	$code = "s03";
	$remark = urlencode('无效的指令操作');
	output_json(NULL, NULL, $verify, $status, $code, $remark);	
}

//开始判断有效时间
//$contrast_time = time() - strtotime($datetime);
//if( $contrast_time < -120 || $contrast_time > 1800) //30分钟1800秒
//{
//	$result[] = array('acceptTime' => date("Y-m-d H:i:s",time()), 'remark' => urlencode('不是有效日期，相差了'.$contrast_time.'秒'));
//	$status = "NO";
//	output_json($yundanhao, $result, $verify, $status, $code, $remark);
//	
//}

//判断是否有效的帐号密码
$kehu_result = mysql_query("SELECT status,partner,pass FROM cj_kd_kehu WHERE partner='{$partner}' ");
$kehu_data = mysql_fetch_array($kehu_result,MYSQL_ASSOC);
if(!$kehu_data){
	$status = "NO";
	$code = "s08";
	$remark = urlencode('非法的账户信息');
	output_json(NULL, NULL, $verify, $status, $code, $remark);	
}
else
{
	if($kehu_data['pass'] == '1'){
		$status = "NO";
		$code = "s53";
		$remark = urlencode('已暂停用户的权限');
		output_json(NULL, NULL, $verify, $status, $code, $remark);	
	}	
	//判断请求的校验加密串
	$now_verify = md5($partner.$content.$kehu_data['pass']);
	if($verify != $now_verify){
		$status = "NO";
		$code = "s04";
		$remark = urlencode('非法的数据签名');
		output_json(NULL, NULL, $verify, $status, $code, $remark);	
	}
}

//调用快递单号的物流信息
switch($func)
{
  case 'trace':
  
	  //解码查询单号//base64_decode($content)
	  $yundanhao = base64_decode($content); 	  
	  $wuliu_result = mysql_query("SELECT * FROM cj_kd_wuliu WHERE yundanhao='{$yundanhao}' ORDER BY addtime");
	  while($row = mysql_fetch_array($wuliu_result,MYSQL_ASSOC)){
		  $wuliu_data[] = array('acceptTime' => date("Y-m-d H:i:s",$row['addtime']), 'remark' => urlencode($row['yudan_text']));
	  }
	  if($wuliu_data){
		  $result['name'] = "traces";
		  $result['data'] = $wuliu_data;
		  $status = "OK";
	  }else{
		  $status = "NO";
		  $code = "s52";
		  //如果没有物流时，查询该运单号是否有效
		  $wuliu_result = mysql_query("SELECT yundanhao FROM cj_kd_order WHERE yundanhao='{$yundanhao}'");
		  if(mysql_fetch_array($wuliu_result,MYSQL_ASSOC)){
			  $remark = urlencode('暂无物流信息');	
		  }else{
			  $remark = urlencode('单号不存在');		  
		  }
	  }	  

	  break; 
  
  default:
}
mysql_close($connect);
output_json($yundanhao, $result, $verify, $status, $code, $remark);

/** 输出json数据****/
function output_json($content = NULL, $result = NULL, $verify, $status, $code, $remark)
{
	!$result && $status = 'NO';
	$array['content'] = $content;
	$result && $array[$result['name']] = $result['data'];
	$code && $array['code'] = $code;
	$remark && $array['remark'] = $remark;
	$array['verify'] = $verify;
	$array['status'] = $status;
	$json_txt = json_encode($array);
	$return_txt = urldecode($json_txt);//结合urlencode防止json_encode把中文转码
	//输出内容==============================
	exit($return_txt);	
}

//过滤字符
function dowith_sql($str)
{
	$str = str_replace("and","",$str);
	$str = str_replace("execute","",$str);
	$str = str_replace("update","",$str);
	$str = str_replace("count","",$str);
	$str = str_replace("chr","",$str);
	$str = str_replace("mid","",$str);
	$str = str_replace("master","",$str);
	$str = str_replace("truncate","",$str);
	$str = str_replace("char","",$str);
	$str = str_replace("declare","",$str);
	$str = str_replace("select","",$str);
	$str = str_replace("create","",$str);
	$str = str_replace("delete","",$str);
	$str = str_replace("insert","",$str);
	$str = str_replace("'","",$str);
	//$str = str_replace("=","",$str);
	return $str;
}  
?>